blob: 8b6fda7cc9e1319071bcb7a8bd5639f2fe3a4f4f [file] [log] [blame]
{%- if pillar.neutron.gateway is defined %}
{%- from "neutron/map.jinja" import gateway as neutron with context %}
{%- else %}
{%- from "neutron/map.jinja" import compute as neutron with context %}
{%- endif %}
[DEFAULT]
#
# From neutron
#
# Where to store Neutron state files. This directory must be writable by the
# agent. (string value)
#state_path = /var/lib/neutron
# The host IP to bind to. (host address value)
#bind_host = 0.0.0.0
# The port to bind to (port value)
# Minimum value: 0
# Maximum value: 65535
#bind_port = 9696
# The path for API extensions. Note that this can be a colon-separated list of
# paths. For example: api_extensions_path =
# extensions:/path/to/more/exts:/even/more/exts. The __path__ of
# neutron.extensions is appended to this, so if your extensions are in there
# you don't need to specify them here. (string value)
#api_extensions_path =
# The type of authentication to use (string value)
#auth_strategy = keystone
{%- if neutron.backend.engine == "ml2" %}
# The core plugin Neutron will use (string value)
core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin
# The service plugins Neutron will use (list value)
service_plugins = {{ neutron.backend.get('router', 'router')}},metering
{%- endif %}
# The base MAC address Neutron will use for VIFs. The first 3 octets will
# remain unchanged. If the 4th octet is not 00, it will also be used. The
# others will be randomly generated. (string value)
#base_mac = fa:16:3e:00:00:00
{%- if neutron.base_mac is defined %}
base_mac = {{ neutron.base_mac }}
{%- endif %}
# Allow the usage of the bulk API (boolean value)
#allow_bulk = true
# The maximum number of items returned in a single response, value was
# 'infinite' or negative integer means no limit (string value)
pagination_max_limit = {{ neutron.pagination_max_limit|default('-1') }}
# Default value of availability zone hints. The availability zone aware
# schedulers use this when the resources availability_zone_hints is empty.
# Multiple availability zones can be specified by a comma separated string.
# This value can be empty. In this case, even if availability_zone_hints for a
# resource is empty, availability zone is considered for high availability
# while scheduling the resource. (list value)
#default_availability_zones =
# Maximum number of DNS nameservers per subnet (integer value)
#max_dns_nameservers = 5
# Maximum number of host routes per subnet (integer value)
#max_subnet_host_routes = 20
# Enables IPv6 Prefix Delegation for automatic subnet CIDR allocation. Set to
# True to enable IPv6 Prefix Delegation for subnet allocation in a PD-capable
# environment. Users making subnet creation requests for IPv6 subnets without
# providing a CIDR or subnetpool ID will be given a CIDR via the Prefix
# Delegation mechanism. Note that enabling PD will override the behavior of the
# default IPv6 subnetpool. (boolean value)
#ipv6_pd_enabled = false
# DHCP lease duration (in seconds). Use -1 to tell dnsmasq to use infinite
# lease times. (integer value)
dhcp_lease_duration = {{ neutron.dhcp_lease_duration|default('600') }}
# Domain to use for building the hostnames (string value)
#dns_domain = openstacklocal
# Driver for external DNS integration. (string value)
#external_dns_driver = <None>
# Allow sending resource operation notification to DHCP agent (boolean value)
#dhcp_agent_notification = true
# Allow overlapping IP support in Neutron. Attention: the following parameter
# MUST be set to False if Neutron is being used in conjunction with Nova
# security groups. (boolean value)
allow_overlapping_ips = true
# Hostname to be used by the Neutron server, agents and services running on
# this machine. All the agents and services running on this machine must use
# the same host value. (host address value)
#host = example.domain
# This string is prepended to the normal URL that is returned in links to the
# OpenStack Network API. If it is empty (the default), the URLs are returned
# unchanged. (string value)
#network_link_prefix = <None>
# Send notification to nova when port status changes (boolean value)
notify_nova_on_port_status_changes = true
# Send notification to nova when port data (fixed_ips/floatingip) changes so
# nova can update its cache. (boolean value)
notify_nova_on_port_data_changes = true
# Number of seconds between sending events to nova if there are any events to
# send. (integer value)
#send_events_interval = 2
# Neutron IPAM (IP address management) driver to use. By default, the reference
# implementation of the Neutron IPAM driver is used. (string value)
#ipam_driver = internal
# If True, then allow plugins that support it to create VLAN transparent
# networks. (boolean value)
#vlan_transparent = false
# If True, then allow plugins to decide whether to perform validations on
# filter parameters. Filter validation is enabled if this configis turned on
# and it is supported by all plugins (boolean value)
#filter_validation = true
# MTU of the underlying physical network. Neutron uses this value to calculate
# MTU for all virtual network components. For flat and VLAN networks, neutron
# uses this value without modification. For overlay networks such as VXLAN,
# neutron automatically subtracts the overlay protocol overhead from this
# value. Defaults to 1500, the standard value for Ethernet. (integer value)
# Deprecated group/name - [ml2]/segment_mtu
global_physnet_mtu = {{ neutron.get('global_physnet_mtu', '1500') }}
# Number of backlog requests to configure the socket with (integer value)
#backlog = 4096
# Number of seconds to keep retrying to listen (integer value)
#retry_until_window = 30
# Enable SSL on the API server (boolean value)
#use_ssl = false
# Seconds between running periodic tasks. (integer value)
#periodic_interval = 40
# Number of separate API worker processes for service. If not specified, the
# default is equal to the number of CPUs available for best performance.
# (integer value)
#api_workers = <None>
{%- if neutron.api_workers is defined %}
api_workers = {{ neutron.api_workers }}
{%- endif %}
# Number of RPC worker processes for service. (integer value)
rpc_workers = {{ neutron.rpc_workers|default(grains.num_cpus) }}
# Number of RPC worker processes dedicated to state reports queue. (integer
# value)
rpc_state_report_workers = {{ neutron.rpc_state_report_workers|default('4') }}
# Range of seconds to randomly delay when starting the periodic task scheduler
# to reduce stampeding. (Disable by setting to 0) (integer value)
#periodic_fuzzy_delay = 5
#
# From neutron.agent
#
# The driver used to manage the virtual interface. (string value)
#interface_driver = <None>
# Location for Metadata Proxy UNIX domain socket. (string value)
#metadata_proxy_socket = $state_path/metadata_proxy
# User (uid or name) running metadata proxy after its initialization (if empty:
# agent effective user). (string value)
#metadata_proxy_user =
# Group (gid or name) running metadata proxy after its initialization (if
# empty: agent effective group). (string value)
#metadata_proxy_group =
#
# From neutron.db
#
# Seconds to regard the agent is down; should be at least twice
# report_interval, to be sure the agent is down for good. (integer value)
#agent_down_time = 75
# Representing the resource type whose load is being reported by the agent.
# This can be "networks", "subnets" or "ports". When specified (Default is
# networks), the server will extract particular load sent as part of its agent
# configuration object from the agent report state, which is the number of
# resources being consumed, at every report_interval.dhcp_load_type can be used
# in combination with network_scheduler_driver =
# neutron.scheduler.dhcp_agent_scheduler.WeightScheduler When the
# network_scheduler_driver is WeightScheduler, dhcp_load_type can be configured
# to represent the choice for the resource being balanced. Example:
# dhcp_load_type=networks (string value)
# Possible values:
# networks - <No description provided>
# subnets - <No description provided>
# ports - <No description provided>
#dhcp_load_type = networks
# Agent starts with admin_state_up=False when enable_new_agents=False. In the
# case, user's resources will not be scheduled automatically to the agent until
# admin changes admin_state_up to True. (boolean value)
#enable_new_agents = true
# Maximum number of routes per router (integer value)
#max_routes = 30
# Define the default value of enable_snat if not provided in
# external_gateway_info. (boolean value)
#enable_snat_by_default = true
# Driver to use for scheduling network to DHCP agent (string value)
#network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
# Allow auto scheduling networks to DHCP agent. (boolean value)
#network_auto_schedule = true
# Automatically remove networks from offline DHCP agents. (boolean value)
#allow_automatic_dhcp_failover = true
# Number of DHCP agents scheduled to host a tenant network. If this number is
# greater than 1, the scheduler automatically assigns multiple DHCP agents for
# a given tenant network, providing high availability for DHCP service.
# (integer value)
dhcp_agents_per_network = 2
# Enable services on an agent with admin_state_up False. If this option is
# False, when admin_state_up of an agent is turned False, services on it will
# be disabled. Agents with admin_state_up False are not selected for automatic
# scheduling regardless of this option. But manual scheduling to such agents is
# available if this option is True. (boolean value)
#enable_services_on_agents_with_admin_state_down = false
# The base mac address used for unique DVR instances by Neutron. The first 3
# octets will remain unchanged. If the 4th octet is not 00, it will also be
# used. The others will be randomly generated. The 'dvr_base_mac' *must* be
# different from 'base_mac' to avoid mixing them up with MAC's allocated for
# tenant ports. A 4 octet example would be dvr_base_mac = fa:16:3f:4f:00:00.
# The default is 3 octet (string value)
#dvr_base_mac = fa:16:3f:00:00:00
{%- if neutron.dvr_base_mac is defined %}
{%- if neutron.base_mac is defined %}
{%- if neutron.base_mac != neutron.dvr_base_mac %}
dvr_base_mac = {{ neutron.dvr_base_mac }}
{%- endif %}
{%- else %}
dvr_base_mac = {{ neutron.dvr_base_mac }}
{%- endif %}
{%- endif %}
# System-wide flag to determine the type of router that tenants can create.
# Only admin can override. (boolean value)
router_distributed = {{ neutron.get('dvr', 'false') }}
# Determine if setup is configured for DVR. If False, DVR API extension will be
# disabled. (boolean value)
enable_dvr = {{ neutron.get('dvr', 'false') }}
# Driver to use for scheduling router to a default L3 agent (string value)
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
# Allow auto scheduling of routers to L3 agent. (boolean value)
#router_auto_schedule = true
# Automatically reschedule routers from offline L3 agents to online L3 agents.
# (boolean value)
allow_automatic_l3agent_failover = true
# Enable HA mode for virtual routers. (boolean value)
l3_ha = {{ neutron.get('l3_ha', 'false') }}
# Maximum number of L3 agents which a HA router will be scheduled on. If it is
# set to 0 then the router will be scheduled on every agent. (integer value)
max_l3_agents_per_router = 0
# Subnet used for the l3 HA admin network. (string value)
#l3_ha_net_cidr = 169.254.192.0/18
# The network type to use when creating the HA network for an HA router. By
# default or if empty, the first 'tenant_network_types' is used. This is
# helpful when the VRRP traffic should use a specific network which is not the
# default one. (string value)
#l3_ha_network_type =
# The physical network name with which the HA network can be created. (string
# value)
#l3_ha_network_physical_name =
#
# From neutron.extensions
#
# Maximum number of allowed address pairs (integer value)
#max_allowed_address_pair = 10
{%- if neutron.logging is defined %}
{%- set _data = neutron.logging %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/_log.conf" %}
{%- endif %}
{%- if neutron.message_queue|default(none) is not none %}
{%- set _data = neutron.message_queue %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/messaging/_default.conf" %}
{%- endif %}
{%- set _data = {} %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/service/_wsgi_default.conf" %}
[agent]
#
# From neutron.agent
#
# Root helper application. Use 'sudo neutron-rootwrap
# /etc/neutron/rootwrap.conf' to use the real root filter facility. Change to
# 'sudo' to skip the filtering and just run the command directly. (string
# value)
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
# Use the root helper when listing the namespaces on a system. This may not be
# required depending on the security configuration. If the root helper is not
# required, set this to False for a performance improvement. (boolean value)
#use_helper_for_ns_read = true
#
# Root helper daemon application to use when possible.
#
# Use 'sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf' to run rootwrap
# in "daemon mode" which has been reported to improve performance at scale. For
# more information on running rootwrap in "daemon mode", see:
#
# https://docs.openstack.org/oslo.rootwrap/latest/user/usage.html#daemon-mode
#
# For the agent which needs to execute commands in Dom0 in the hypervisor of
# XenServer, this option should be set to 'xenapi_root_helper', so that it will
# keep a XenAPI session to pass commands to Dom0.
# (string value)
#root_helper_daemon = <None>
{%- if neutron.root_helper_daemon|default(True) %}
root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
{%- endif %}
# Seconds between nodes reporting state to server; should be less than
# agent_down_time, best if it is half or less than agent_down_time. (floating
# point value)
report_interval = 10
# Log agent heartbeats (boolean value)
#log_agent_heartbeats = false
# Add comments to iptables rules. Set to false to disallow the addition of
# comments to generated iptables rules that describe each rule's purpose.
# System must support the iptables comments module for addition of comments.
# (boolean value)
#comment_iptables_rules = true
# Duplicate every iptables difference calculation to ensure the format being
# generated matches the format of iptables-save. This option should not be
# turned on for production systems because it imposes a performance penalty.
# (boolean value)
#debug_iptables_rules = false
# Action to be executed when a child process dies (string value)
# Possible values:
# respawn - <No description provided>
# exit - <No description provided>
#check_child_processes_action = respawn
# Interval between checks of child process liveness (seconds), use 0 to disable
# (integer value)
#check_child_processes_interval = 60
# Availability zone of this node (string value)
#availability_zone = nova
[cors]
{%- if neutron.cors is defined %}
{%- set _data = neutron.cors %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/_cors.conf" %}
{%- endif %}
[keystone_authtoken]
{%- if neutron.identity is defined %}
{%- set _data = neutron.identity %}
{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': neutron.cacert_file}) %}{% endif %}
{%- set auth_type = _data.get('auth_type', 'password') %}
{%- if neutron.get('cache',{}).members is defined and 'cache' not in _data.keys() %}
{%- do _data.update({'cache': neutron.cache}) %}
{%- endif %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/keystonemiddleware/_auth_token.conf" %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/keystoneauth/_type_" + auth_type + ".conf" %}
{%- endif %}
[oslo_concurrency]
{%- set _data = neutron.get('concurrency', {}) %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/_concurrency.conf" %}
{%- if neutron.message_queue|default(none) is not none %}
{%- set _data = neutron.message_queue %}
{%- if _data.engine == 'rabbitmq' %}
{%- set messaging_engine = 'rabbit' %}
{%- else %}
{%- set messaging_engine = _data.engine %}
{%- endif %}
[oslo_messaging_{{ messaging_engine }}]
{%- if _data.ssl is defined and 'cacert_file' not in _data.get('ssl', {}).keys() %}{% do _data['ssl'].update({'cacert_file': neutron.cacert_file}) %}{% endif %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/messaging/_" + messaging_engine + ".conf" %}
{%- endif %}
[oslo_messaging_notifications]
{%- set _data = neutron.notification %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/messaging/_notifications.conf" %}
[oslo_middleware]
{%- set _data = neutron %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/_middleware.conf" %}
[oslo_policy]
{%- if neutron.policy is defined %}
{%- set _data = neutron.policy %}
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/_policy.conf" %}
{%- endif %}
[quotas]
#
# From neutron
#
# Default number of resource allowed per tenant. A negative value means
# unlimited. (integer value)
#default_quota = -1
# Number of networks allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_network = 100
# Number of subnets allowed per tenant, A negative value means unlimited.
# (integer value)
#quota_subnet = 100
# Number of ports allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_port = 500
# Default driver to use for quota checks. (string value)
#quota_driver = neutron.db.quota.driver.DbQuotaDriver
{%- if neutron.backend.engine == "contrail" %}
quota_driver = neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
{%- endif %}
# Keep in track in the database of current resource quota usage. Plugins which
# do not leverage the neutron database should set this flag to False. (boolean
# value)
#track_quota_usage = true
#
# From neutron.extensions
#
# Number of routers allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_router = 10
# Number of floating IPs allowed per tenant. A negative value means unlimited.
# (integer value)
#quota_floatingip = 50
# Number of security groups allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_security_group = 10
# Number of security rules allowed per tenant. A negative value means
# unlimited. (integer value)
#quota_security_group_rule = 100
[ssl]
{%- include "oslo_templates/files/" ~ neutron.version ~ "/oslo/service/_ssl.conf" %}
[ovs]
{%- if neutron.backend.ovsdb_interface is defined %}
ovsdb_interface = {{ neutron.backend.ovsdb_interface }}
{%- endif %}
{%- if neutron.backend.ovsdb_connection is defined %}
ovsdb_connection = {{ neutron.backend.ovsdb_connection }}
{%- endif %}